Unrated severityNVD Advisory· Published Feb 3, 2024· Updated Nov 3, 2025

IBM Security Access Manager Container privilege escalation

CVE-2023-31005

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local user can escalate privileges on IBM Security Verify Access due to improper security configuration in affected container deployments.

Vulnerability

IBM Security Verify Access Appliance and Docker versions 10.0.0.0 through 10.0.6.1 contain an improper security configuration that allows a local user to escalate privileges. This affects the container deployment specifically, as noted in the advisory [1].

Exploitation

An attacker with local access to the system can exploit the insecure configuration to elevate privileges. No authentication or user interaction is required beyond local shell access. The improper configuration likely grants elevated permissions to a user or group.

Impact

A successful exploit allows the attacker to gain elevated privileges, potentially leading to root-level access to the container. This could result in full compromise of the affected system, including unauthorized access to sensitive data and the ability to modify or disrupt services.

Mitigation

IBM has released fixes as part of IBM Security Verify Access updates. Affected users should upgrade to the latest version as recommended in the security bulletin [1]. If patching is not immediately possible, restrict local access to trusted users only.

References

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

IBM/Security Access Manager Containerllm-fuzzy
Range: 10.0.0.0 - 10.0.6.1
IBM/IBM Security Verify Access Dockerllm-fuzzy
Range: 10.0.0.0 - 10.0.6.1
IBM/Security Verify Access Appliancellm-fuzzy
Range: 10.0.0.0 - 10.0.6.1
IBM/Security Verify Accesscpe-rescue2 versions
10.0.0.0+ 1 more
- (no CPE)range: 10.0.0.0
- (no CPE)range: 10.0.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7106586mitrevendor-advisory
exchange.xforce.ibmcloud.com/vulnerabilities/254767mitrevdb-entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000